Skip to content

Instantly share code, notes, and snippets.

@JanTvrdik
Last active May 16, 2017 19:08
Show Gist options
  • Save JanTvrdik/d22f53604f3bfd78df3863cf1ad87b8a to your computer and use it in GitHub Desktop.
Save JanTvrdik/d22f53604f3bfd78df3863cf1ad87b8a to your computer and use it in GitHub Desktop.
Generate TLS certificate signed by root certificate
#!/usr/bin/env bash
set -o errexit -o pipefail -o nounset
IFS=$'\n\t'
ROOT="$(dirname $0)/root"
if [[ -f $ROOT.key || -f $ROOT.crt ]]; then
echo "Root certificate already exist"
exit 1
fi
mkdir -p "$(dirname $ROOT)"
openssl req -new -newkey rsa:2048 -sha256 -days 3650 -x509 -extensions v3_ca -keyout "$ROOT.key" -out "$ROOT.crt"
#!/usr/bin/env bash
set -o errexit -o pipefail -o nounset
IFS=$'\n\t'
if [[ "$#" -ne 1 ]]; then
echo "Usage: $0 <domain>"
exit 1
fi
DOMAIN="$1"
NAME="$(dirname $0)/$DOMAIN"
ROOT="$(dirname $0)/root"
# generate private key
openssl genrsa -out "$NAME.key" 2048
# generate signing request
openssl req -new -sha256 -subj "/CN=$DOMAIN" -key "$NAME.key" -out "$NAME.csr"
# generate extensions file
echo "subjectAltName = DNS:$DOMAIN" > "$NAME.ext"
# generate public certificate
openssl x509 -req -sha256 -days 3650 -extfile "$NAME.ext" -in "$NAME.csr" -CA "$ROOT.crt" -CAkey "$ROOT.key" -CAserial "$ROOT.srl" -CAcreateserial -out "$NAME.crt"
# remove signing request and extensions file
rm "$NAME.csr" "$NAME.ext"
# generate packed pem file for Caddy
cat "$NAME.crt" "$NAME.key" > "$NAME.packed.pem"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment